Thursday, January 27, 2005

Microsoft seems to be pushing ahead with the Genuine Advantage programme, whereby you have to prove you are licensed before you can get updates for your Windows system. The article in Computer Weekley,
Microsoft: No licence, no Windows updates describes Microsoft's plans.

I spoke with Joe Petersen, one of the many VPs in the Windows team, on Tuesday night. He described this expansion as a way of rewarding people who had legitimte copies of Windows. I'm just fine with this, however half of my legitimate machines report themeselves as NOT genuine. Joe was aware of this issue, and promised that it would be resolved before MS pushed ahead with Genuine Advantage. I hope so!

Wednesday, January 26, 2005

MS has just announced a Digital BlackBelt Security Webcast Series. This will be several months of detailed drill down into Security "problems and solutions" specifically for developers.

Here's the list:

The Software Security Crisis: Selling Management on the Need to Invest in Secure Software Development
(Level 100)
Friday, February 4, 2005 11:00 A.M.-12:00 P.M. Pacific Time,
United States and Canada (UTC-8)

Building an Intentionally Secure Development Process
(Level 200)
Friday, February 18, 2005 11:00 A.M.-12:00 P.M. Pacific Time, United States and Canada (UTC-8)

Security Principals and Guidelines
(Level 200)
Friday, March 4, 2005 11:00 A.M.-12:00 P.M. Pacific Time, United States and Canada (UTC-8)

Tuesday, January 25, 2005

I have no idea who Ashlee Simpson is, and can not recall ever hearing her name or her singing. Having said this, Stop Ashlee Simpson from "Singing" Petition is doing the rounds, and thus far, has over 190,000 signatures (and seems to be growing by 10-20k signatures per day). The original petition was created by Bethany Decker in the US, as a bit of a protest. She never dreamed it would become a popular cause.

So what impact is this likely to have. One could argue that 190,000 people can't all be wrong. On the other hand, you could assume that 'all publicity is good publicy', and that this will just help her albumn sales. But what I do find very aumusing is that on the view signature pages, the site owners have put in Google Ad frame - advertising Ashlee Simpson tickets and her 'music'.

While the world is entranced by MP3s and MP3 players, a small segment of the digital music revolution is more interested in lossless music. Using the filetypes of SHN (Shorten) or FLAC (free lossless audio codec), these file formats give better quality but result in larger files. I have a library approaching 1 terrabyte of lossless music, the centre piece of which is my collection of around 500 Greateful Dead live shows (a collection that will shortly be growing when the additional of 2TB of disk space on "back order" finally arrives!).

While SHN and FLAC files offer better quality, you need to use WinAmp, plus the relevant WinAmp Plug-ins to play them in stead of Media Player. There has been no plug in to Microsoft's Media Player to support these formats.

Welcome then to Direct Show / Windows Media Player .SHN Plug-In written by someone at RIT in the US. Don't know too much more about the author, other than his email address from the site. But it works OK (so far) and I can hear no real difference in sound quality between MedialPlayer and WinAmp with their respective plug-ins loaded.

And if you are into live music, the Live Music Archive contains tens of thousands of live concerts, many in SHN/FLAC format. This includes 2777 Grateful Dead Shows, 19 New Riders shows, and 2 Phil Lesh and Friends shows. Oddly, there's no Jerry Garcia Band or Bob Weir shows.

Saturday, January 22, 2005

Sophos researchers have discovered a new worm which poses as breaking news headlines. The worm, named
W32/Crowt-A, sends mail with the subject line, message content and attachment names all gathered in real time from CNN. For corporate users that receive news bulletins via email (I sure do!), the less savy are going to open the attachment, and load the malware. Read the Sophos bulletin for more information on the work, and it's payload.

Winternals is the commercial software firm run by Mark Russinovich and Bryce Cogswell. It's sister www.sysinternals site, is (or sure should be) well know by Windows power users around the globe as the source of outstanding free utilities. I've lost count of the number of times I've used their tools to really do useful things (e.g. regmon, filemon, bginfo, just to name a few!). Sysinternals takes those free tools to the next level and produce some really great commercial systems management tools.

Winternals is due to ship Version 5.0 later this month. The new version features improved versions of both ERD Commander and Remote Recover, a centralised navigator, and some new tools including Insight for Active Directory, AD Explorer, and Crash Analyzer Wizard. This later tool uses the standard crash dump tools you can download from MS to help you to diagnose the source of blue screens!

Full product details have not yet been posted to Winternal's site. The current version is licensed on a per administrator basis, enabling each admin to use the tools on an unlimited number of systems. A neat licensing model - here in the UK, the RRP for each license is US$1410/admin (plus US$282/year maintenance). No prices have been disclosed for the new version yet.

Thursday, January 20, 2005

Microsoft has released an MSN 7.0 Messenger Beta. There are a couple of new features, including drag and drop backgrounds and the ability to set status before logon (you can see who's online before others know you've logged in). I've been playing with it much of today and it appears solid!

The study ran for two weeks and looked at how vulnerable certain types of systems were, both to being attacked, and to being attacked successfully. The XP SP1 and Mac OSX systems were attacked at about the same level (340 attacks/hour), with 9 succesful XPsp1 attacks, and none for the Mac, or the systems running Linspire (Linux),and XP SP2 with the Internet Firewall enabled.

If this doesn't demonstrate how important it is to keep up to date, I don't know what does!

At the last PDC, Microsoft presented it's vision for Longhorn, the next version of Windows. At that time, the idea was you'd get loads of cool new stuff (whizzy presentation layer, a to die for file system, etc) by upgrading to Longhorn. It turns out that Longhrn was a bit of a tall order, and the requirement to upgrade to Longhorn was something many corporates were uncomfortable with - many of them still had not fully deployed XP yet, let along wanting to think about another roll out a couple of years down the line. So last summer, Microsoft had a rethink on the scope and direction of all this technology, the result of which was that WinFS was removed from Longhorn and is meant to come later. Additionally, MS announced Avalon (the new presentatiuon layer) and Indigo (the communications layer) were to be backported to Windows XP.

As reported over on Slashdot Microsoft has now released an initial beta of Avalon. Dubbed a Community Technology Preview (CTPs), it's a huge 261MB download. This was first made available to MSDN customers in November 2004, Microsoft has now made this a lot more widely available. CTP releases are not always super stable, so if you do decide to install it, you should probably avoid installing it on your primary workstation(s). In order to use the Avalon CTP, you also need a beta version of the .NET Framework Version 2 (download from Microsoft - it's 24MB!) your XP system (which can be XP Tablet!) needs to be at SP2, and you probably need a DirectX 9 capable graphics card as well.

Monday, January 10, 2005

I've been using Firefox a lot lately, and have switched over to it on my main workstation as my primary browser. It does NOT handle all sites perfectly, but these are few enough that I don't mind. I like the extra features that I get with Firefox and the plugs ins. When I get a suitable supply of tuits, I shall pepare a more detailed look.

It looks like I'm not the only one who is switching. For some weeks now, I've been noticing an interesting upswing web hits based on Firefox. Usage is on the upswing, based on a highly unscientific survey, aka a quick look at two websites (this blog and The WUS Wiki Site). In both cases, the stats come from Site Meter as I have their free counters running on these two sites which track (IIRC) just the last 1000 connections.

So roughly, IE's market share is down to around 75%, with Firefox at around 20%, with the others making up the numbers.

You can't read a great deal into these numbers as they change regularly over time - I regularly see huge swings in percentages, e.g. the other morning, IE had a 90% share on my personal blog. But they are certainly an indication that usage of Firefox is growing, and in places has grown to a a resptibly healthy healthy level.

Sunday, January 09, 2005

I never tire of reading Raymond Chen's The Old New Thing blog. . While sometimes he's way over my head with coding or API details, often his posts contain great explanations on some of the things that Windows does.In a recent post, Computing the size of a directory is more than just adding file sizes, Raymond looks at why computing the size of a directory is difficult. The things you can put into a directory these days is a bit advanced from the days of DOS 1.0! And, to some degree, his post makes you want to question whether the concept of the "size of a directory" is actually meaningful.

Friday, January 07, 2005

I posted about this yesterday - and I've been playing with this a bit today, first on my main desktop (which was pretty clean). It generated a couple of false positives, and the deep search identified problems contained in one of the restore points. The scan on my laptop was pretty clean too.

Microsoft yesterday released a free public beta of the recently acquired Giant anti-sypware program. MS has a
(anti) Spyware site for more information and to download the free beta. I'll post more when information on this as I play with it.

Their results show that Linux was the most breached (65.64% of all breaches recorded), while breeches of Windows based systems remained steady (25.19%). MAC OS X or BSD based online computers trended down to 4.82%. The breaches analysed hit all sectors, including home based systems (32%), SMBs (54.9%) and larger enterprises (only 2.5%). From these numbers, the smaller business was hit hardest.

Wednesday, January 05, 2005

Windows Update Services (WUS) is nearing completion - with a broad reach Beta, with Beta 2 available freely - and is due out this year. WUS is, in essence, SUS V2 and provides a number of new features currently available with SUS.

WUS is roughtly a year late so far - with expected RTM '1st half of 2005'. In October 2003 at the World Wide Partner Coference in New Orleans, I heard Steve Balmler announce SUS V2 would be delivered in the the 1st half of 2004. According to the transcript, he said "I guarantee you that if I come back to this conference, which I will -- when I am back at this conference next year, I am going to ask people whether they've deployed Software Update Services 2.0. And if as few hands go up as went up today, I'm going to have a real issue with our product development people or with our marketing people, because, believe me, this is targeted at one of the key pain points that you and our customers have identified."

WUS Beta 2 shipped last November, and RTM is due 1st half of 2005 (i.e. by end of June). Beta 2 is a solid product - it pretty much works, although there are as ever in a beta, a few minor issues to resolve.

As delivered Beta 2 provides a lot more facilities than were available in SUS, including:

Client targeting - supports different updates for different clients

Supports Exchange, SQL, Office, as well as Windows upates (despite the name!)

WUS is far from perfect (and I'm not talking about the minor bugs you sort of expect to have with a beta!). The biggest problem to me is it's usability. I find it harder to use and troubleshoot than it should be. Some specific examples of this include:

From the main WUS Admin console, there are a series of dashboard figures on the number of updates available, the number approved and the numbers not approved. These numbers to not add up properly.

From the admin console, you can see clients that have yet to be udpated. But there is no easy way to actualy see which clients these are, and what updates are missing.

The client updates should 'just work'. But when they don't (9/11 of my systems worked fine first time, 2/11 didn't and still don't. It would be faster to fully reinstall the OS than it's taken me to troubleshoot this (unsucessfully).

There are no client troubleshooting tools.

There is no control over downloading updates (downloading it either on or off).